Model driven security accreditation (MDSA)for agile, interconnected it landscapes
Proceedings of the first ACM workshop on Information security governance
OpenPMF SCaaS: Authorization as a Service for Cloud & SOA Applications
CLOUDCOM '10 Proceedings of the 2010 IEEE Second International Conference on Cloud Computing Technology and Science
Pragmatic assessment of research intensive areas in cloud: a systematic review
ACM SIGSOFT Software Engineering Notes
| Hi-index | 0.00 |
This paper describes some of the findings of a cloud research project the authors carried out in Q2/2011. As part of the project, the authors first identified security concerns related to cloud computing, and gaps in cloud-related standards/regulations. The authors then identified several hard-to-implement, but highly cloud-relevant, security requirements in numerous cloud (and non-cloud) regulations and guidance documents, especially related to ''least privilege'', ''information flow control'', and ''incident monitoring/auditing/analysis''. Further study revealed that there are significant cloud technology gaps in cloud (and non-cloud) platforms, which make it difficult to effectively implement those security policy requirements. The project concluded that model-driven security policy automation offered as a cloud service and tied into the protected cloud platform is ideally suited to achieve correct, consistent, low-effort/cost policy implementation for cloud applications.